Re: [squid-users] generic kerberos support in 2.6?

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Wed, 20 Dec 2006 11:06:33 +0100

mån 2006-12-18 klockan 23:41 -0500 skrev Brian J. Murrell:

> Indeed. And it can be done, I think, by adding native KRB5 support to
> ntlm_auth (right now ntlm_auth assumes everything will be wrapped in
> SPNEGO), but it would be less hacking there if Firefox could be
> convinced to use SPNEGO on non-windows platform, even when all it has
> are KRB5 (or any other non MS specific) credentials.

The Negotiate scheme is SPNEGO by definition.

Native KRB5 is the Kerberos scheme..

But adding a native Kerberos interface to ntlm_auth would make sense as
well, much like it has a native NTLM interface. Skipping SPNEGO.

But we do not yet have support for the Kerberos scheme in Squid. But
it's just to make a copy of Negotiate and rename it to Kerberos..

Regards
Henrik

Received on Wed Dec 20 2006 - 03:06:45 MST

This archive was generated by hypermail pre-2.1.9 : Mon Jan 01 2007 - 12:00:01 MST